[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /auth lonroles.pm

[raeburn]

raeburn		Tue Sep 25 22:51:44 2012 EDT

  Modified files:              (Branch: version_2_11_X)
    /loncom/auth	lonroles.pm 
  Log:
  - For 2.11.
    - Backport 1.276.
  
  
Index: loncom/auth/lonroles.pm
diff -u loncom/auth/lonroles.pm:1.269.2.2 loncom/auth/lonroles.pm:1.269.2.3
--- loncom/auth/lonroles.pm:1.269.2.2	Mon Aug 27 11:48:24 2012
+++ loncom/auth/lonroles.pm	Tue Sep 25 22:51:43 2012
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.269.2.2 2012/08/27 11:48:24 raeburn Exp $
+# $Id: lonroles.pm,v 1.269.2.3 2012/09/25 22:51:43 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -585,11 +585,52 @@
 				    $furl = "/adm/helper/course.initialization.helper";
 				    # Send the user to the course they selected
 				} elsif ($env{'request.course.id'}) {
-                                    if ($env{'form.destinationurl'}) {
-                                        my $dest = $env{'form.destinationurl'};
-                                        if ($env{'form.destsymb'} ne '') {
-                                            my $esc_symb = &HTML::Entities::encode($env{'form.destsymb'},'"<>&');
-                                            $dest .= '?symb='.$esc_symb;
+                                    my ($dest,$destsymb,$checkenc);
+                                    $dest = $env{'form.destinationurl'};
+                                    $destsymb = $env{'form.destsymb'};
+                                    if ($dest ne '') {
+                                        if ($env{'form.switchrole'}) {
+                                            if ($destsymb ne '') {
+                                                if ($destsymb !~ m{^/enc/}) {
+                                                    unless ($env{'request.role.adv'}) {
+                                                        $checkenc = 1;
+                                                    }
+                                                }
+                                            }
+                                            if ($dest =~ m{^/enc/}) {
+                                                if ($env{'request.role.adv'}) {
+                                                    $dest = &Apache::lonenc::unencrypted($dest);
+                                                    if ($destsymb eq '') {
+                                                        ($destsymb) = ($dest =~ /\?symb=([^\&]*)/);
+                                                        $destsymb = &unescape($destsymb);
+                                                    }
+                                                }
+                                            } else {
+                                                if ($destsymb eq '') {
+                                                    ($destsymb) = ($dest =~ /\?symb=([^\&]+)/);
+                                                    $destsymb = &unescape($destsymb);
+                                                }
+                                                unless ($env{'request.role.adv'}) {
+                                                    $checkenc = 1;
+                                                }
+                                            }
+                                            if (($checkenc) && ($destsymb ne '')) {
+                                                my ($encstate,$unencsymb,$res);
+                                                my $unencsymb = &Apache::lonnet::symbclean($destsymb);
+                                                (undef,undef,$res) = &Apache::lonnet::decode_symb($unencsymb);
+                                                &Apache::lonnet::symbverify($unencsymb,$res,\$encstate);
+                                                if ($encstate) {
+                                                    if (($dest ne '') && ($dest !~ m{^/enc/})) {
+                                                        $dest=&Apache::lonenc::encrypted($dest);
+                                                    }
+                                                }
+                                            }
+                                        }
+                                        unless (($dest =~ m{^/enc/}) || ($dest =~ /\?symb=.+___\d+___.+/)) {
+                                            if (($destsymb ne '') && ($destsymb !~ m{^/enc/})) {
+                                                my $esc_symb = &escape($destsymb);
+                                                $dest .= '?symb='.$esc_symb;
+                                            }
                                         }
                                         &redirect_user($r, &mt('Entering [_1]',
                                                        $env{'course.'.$courseid.'.description'}),